Uploaded image for project: 'Hadoop Common'
  1. Hadoop Common
  2. HADOOP-9621

Document/analyze current Hadoop security model

    Details

    • Type: Task
    • Status: Open
    • Priority: Minor
    • Resolution: Unresolved
    • Affects Version/s: None
    • Fix Version/s: None
    • Component/s: security
    • Labels:
    • Tags:
      security

      Description

      In light of the proposed changes to Hadoop security in Hadoop-9533 and Hadoop-9392, having a common, detailed understanding (in the form of a document) of the benefits/drawbacks of the current security model and how it works would be useful. The document should address all security principals, their authentication mechanisms, and handling of shared secrets through the lens of the following principles: Minimize attack surface area, Establish secure defaults, Principle of Least privilege, Principle of Defense in depth, Fail securely, Don’t trust services, Separation of duties, Avoid security by obscurity, Keep security simple, Fix security issues correctly.

        Attachments

        1. HadoopSecurityAnalysis-20130624.pdf
          1.18 MB
          Kyle Leckie
        2. ThreatsforToken-basedAuthN-20130619.pdf
          92 kB
          Larry McCay
        3. HadoopSecurityAnalysis-20130614.pdf
          750 kB
          Kevin Minder
        4. HadoopSecurityAnalysis-20130612.pdf
          627 kB
          Kevin Minder

          Issue Links

            Activity

              People

              • Assignee:
                Unassigned
                Reporter:
                brian_swan Brian Swan
              • Votes:
                1 Vote for this issue
                Watchers:
                29 Start watching this issue

                Dates

                • Created:
                  Updated:

                  Time Tracking

                  Estimated:
                  Original Estimate - 336h
                  336h
                  Remaining:
                  Remaining Estimate - 336h
                  336h
                  Logged:
                  Time Spent - Not Specified
                  Not Specified